March 13, 2026 · 7 min read ·

DevOps Is Not a Side Task

devops platform-engineering startups reliability

In this article

Editorial hero illustration for DevOps Is Not a Side Task

Most startups do not have a DevOps tooling problem first. They have an ownership problem.

The request usually sounds reasonable when it lands. Set up CI/CD. Clean up the deploy path. Move infrastructure into code. Add monitoring. Make production safer. Get rid of the scary manual steps.

The problem is what happens next. The work gets handed to one engineer as a side responsibility while the rest of the company keeps optimizing for feature delivery. A sprint later you have half-finished Terraform, brittle pipelines, and alerts nobody really trusts.

Key takeaway

If a company wants the outcome people call “DevOps,” it has to fund the ownership behind it. That means time, standards, and someone who can protect the work from getting pushed aside every sprint.

I have been the person carrying that work on the side. Feature sprint in one hand, broken deploy path in the other. In my experience, the issue is rarely that the team picked the wrong tool. It is that nobody decided the reliability work was important enough to protect.

What teams usually ask for

When someone says “we need DevOps,” they usually mean a few concrete things. CI/CD that works consistently. Infrastructure changes that can be reviewed. Monitoring that catches problems before customers do. Rollback paths that still work when people are stressed. Environments that are close enough to trust.

None of that is unreasonable. What is unrealistic is pretending those outcomes appear because someone wrote a GitHub Actions workflow and a handful of YAML files.

What that request actually costs

Under the surface, there is a lot of work that does not look exciting in a planning meeting.

Somebody has to own the production path end to end. Not vaguely. Really own it. Know why the pipeline is slow. Know why staging drifted away from production. Know why the same service keeps failing health checks on restart.

Somebody also has to define what a safe deployment actually means. Is it enough that the container started? Or do you wait until the health checks pass, error rate stays flat, and the metrics look normal for a bit? Those are very different standards.

Then there is the unglamorous part. Runbooks written before the incident. IAM review. Secret rotation. Guardrails around dangerous infra changes. Going back to fix a class of failure instead of treating each page like a totally new mystery.

That work does not survive for long if it belongs to whoever has the loosest calendar that week.

The failure loop

Startup moves fast early. Somebody SSHes into a box, does a git pull, restarts the service, and everyone calls that a process. Then production grows. Customers show up. Eventually something painful happens, maybe a bad deploy with no rollback, maybe a migration that locks a table much longer than expected.

Leadership realizes the setup is fragile and says the obvious thing: we need proper DevOps.

The work lands on one engineer, usually the senior person who is already carrying a full plate. Every sprint, platform tasks lose to visible feature deadlines. The result is predictable. Terraform gets half-migrated. Monitoring exists for some services but not others. Secrets are still sitting in places they should not be.

Then the next outage happens and the same organization wonders why reliability still looks weak. In most cases, that is not a people problem. It is a prioritization problem.

A practical version that works

Early-stage teams do not need a dedicated platform organization on day one. They do need honesty about scope. This is roughly how I would stage the work.

Phase 1: Make production survivable

Start with the pieces that reduce blast radius when something goes wrong.

First, get everyone deploying through the same path. No more laptop-only mystery deploys. I do not care much whether that path is GitHub Actions, GitLab CI, or a shared runner at this stage. I care that there is one place to inspect when a deploy breaks.

Put everything production depends on under version control. Not just application code. Infra config, deploy scripts, environment handling, anything that changes behavior. When an incident starts with “what changed,” the answer should be traceable.

Get basic monitoring on the critical path. You do not need a grand observability program on day one. A good health check, uptime monitoring, and basic error tracking already change a lot. The important question is simple: do you know the system is down before a customer has to tell you?

Test your backups. Restore them somewhere. Verify the data. If nobody has practiced a restore, then the backup story is mostly hope with a receipt attached.

And before risky changes, decide what would make you roll back and how that rollback actually happens. If the process is fuzzy before the deploy, it will not get clearer once something is on fire.

Phase 2: Make changes safe

Once the basics are there, add guardrails.

Set up CI checks that block obvious mistakes. Linting, type checks, terraform plan output on pull requests, whatever catches the failures you already know about.

Make infrastructure changes reviewable. If people can still run a risky terraform apply locally with no visibility, the team is missing a big part of the safety story.

Move secrets into the right system. Secrets Manager, Parameter Store, Vault, whatever fits. The important part is that production credentials stop living in laptops and random files.

Make every deploy traceable to a commit and a pull request, ideally to a ticket too. During an incident, links beat memory every time.

Write runbooks for the failures that keep coming back. They do not need to be beautiful. They need to be usable when somebody is tired and the pressure is high.

Phase 3: Make the platform repeatable

Only after those basics feel solid would I spend more energy on broader platform work.

Build reusable Terraform modules so new services do not start from zero. That saves time, but more importantly it keeps teams from re-learning the same lessons in slightly different ways.

Create service templates so new projects inherit the release path, not just the code structure. And get environment parity close enough that debugging something in staging still teaches you something useful about production.

Add policy checks that catch the infra mistakes you never want to argue about again. Add cost visibility before the finance conversation arrives. None of this is glamorous, but it compounds well.

What startups should stop doing

Treating platform work like part-time cleanup. If pipeline maintenance loses to feature tickets every sprint, then nobody truly owns it.

Asking for enterprise-grade reliability without funding the work behind it. One person cannot deliver mature reliability, full IaC, and safer release engineering in the margins forever.

Leaving production knowledge inside one person’s head. That is just another single point of failure.

Delaying documentation because it can be cleaned up later. Usually it is not. The details fade, people move on, and the next incident takes longer because nobody can find the context.

And calling every operational gap a tooling gap. Sometimes the tool really is wrong. More often the issue is ownership, follow-through, or a lack of standards.

Keep it simple, keep it honest

If budget or headcount is tight, do not pretend the platform is more mature than it is. Keep the stack simpler. Reduce the risky manual steps first. Be honest about what is still not solved.

Simple and honest beats sophisticated and fragile.

The goal is not to look mature in an architecture diagram. The goal is to make production boring enough that people can move quickly without holding their breath every release. If a startup wants that outcome, the work needs real ownership, not a side quest attached to whoever still has a little room on the sprint board.

← Back to writing